Windows 7 funzionante ma desktop nero senza barre ne icone

[Dylan666]

Guarda se hai questa chiave:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe

Se cosí fosse metti lí explorer1.exe e poi rimetti la chiave di prima di nuovo con explorer.exe come stava.
Riavvia e vedi che succede.

[Tricka90]

Ho risolto subito dopo.
Ho provato semplicemente a correggere nuovamente il nome in explorer.exe, sia in Shell che nel file vero e proprio.
Ho avviato quindi il processo explorer.exe ed il desktop è riapparso.
Ho riavviato il PC e il desktop stavolta ha funzionato!

Dimenticavo, prima di riavviare il PC ho fatto una scansione completa con Avira; ha rilevato due file sospetti relativi all'installazione di Alcohol120% e SmartBar e gli ha spostati in quarantena. Probabilmente anche questo fatto ha aiutato a risolvere il problema.

[Dylan666]

Grazie del feedback sarà utile ad altri

[Daniele94]

Salve a tutti mi sono appena iscritto!

Ho lo stesso identico problema, il fatto è che sono negato e la soluzione mi deve essere spiegata in parole povere ahah
Praticamente sono andato su Task manager (ctrl+alt+canc) ---> processi---> poi tasto destro su explorer.exe ma quando provo a rinominarlo explorer1.exe mi da una finestra dove dice che serve l'autorizzazione di trustinstaller! L'unica opzione che ho è cliccare su annulla o chiudere la finestra.. Qualcuno mi può dare una mano?

Grazie in anticipo!
Daniele

[davide72]

riavvia il pc e premi F8 subito dopo il logo del produttore pc , quindi dal menu scorri con le frecce e seleziona "modalita provvisoria" e invia , vedi se compare il desktop

[Daniele94]

Niente da fare! desktop nero e barra di start inesistente!

[COCCOBELLO]

fai una bella passata di combofix,avrai esplora risorse infetto
http://www.windoctor.it/video-guide/vid ... -combofix/

[Daniele94]

Stanotte lascerò combofix a scansionare il pc.

ma... non credete che la soluzione che ha trovato tricka90 possa funzionare nel mio caso?

[COCCOBELLO]

Stanotte?
mica ci vuole una nottata per fare una scansione
max 20 minuti

si provala,ma tu hai detto che non sei capace e se ti da errori con i permessi,la vedo dura
Tricka90 da come accennava aveva qualche virus e crdeo sia quello
combofix te lo risolve atomaticamente anche se ci sono file di sistema corrotti

[davide72]

se non funziona con combofix , prova con hitmanPRO kickstart su chiavetta usb e avviarla da boot
guida http://www.surfright.nl/en/kickstart scarica il tool hitman pro versione 3.7 x32 o x64 e poi segui i 2 video a centro pagina che spiega come preparare la chiavetta e come fare la scansione da boot

[Daniele94]

combofix way of life Risolto tutto in un attimo
Non so come ringraziarvi!! è tornato il desktop e pure la barra! Chiedo scusa per l'accenno di sfiducia

Risparmiati 50 euro

[davide72]

allora birra per coccobello

[COCCOBELLO]

Già combofix non fallisce mai
una birra la berrei volentieri

[claudiapiantanida]

Scusa da ieri mi è scomparso il desktop. Il notebook si accende ma rimane lo schermo nero e solo con la freccia del mouse riesco a lavorare solo con task manager..Ho provato quello scritto nei post sopra ma io nella cartella explorer.exe non c'è proprio..ho provato con combofix e il desktop è riprovato ma quanto ho riacceso il pc stamattina era scomparso ancora.. cosa posso fare?
Grazie

[COCCOBELLO]

se non è un problema hardware o il bios o la scheda video,può essere un virus
rifai la scansione con combofix dopo posta il report che rilascia

assicurati di non avere programmi craccati sul tuo pc,se li hai disinstallali

dopo usa questo programma per aggiornare i driver
http://www.windoctor.it/software/utilit ... r-booster/

[claudiapiantanida]

ho provato quello che mi hai detto e poi rifatto partire combofix ed è ricomparso tutto
e funzionava bene ma quando l'ho riacceso è tornato tutto uguale.
l'unica differenza è un piccola barra che indica la situazione ram e cpu
non so se può essere utile ma ogni tanto nel task manager esce come attività
controldeckmainwindow con indicato che non risponde
Non trovo il primo report di combofix ma oggi ha ridato questo:
ComboFix 15-02-02.01 - Claudia 03/02/2015 14:00:26.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3885.2420 [GMT 1:00]
Eseguito da: c:\users\Claudia\Downloads\ComboFix.exe
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
La copia infetta di c:\windows\SysWow64\wshtcpip.dll è stata trovata e disinfettata
ipristinata copia da - c:\combofix\HarddiskVolumeShadowCopy8_!Windows!SysWOW64!WSHTCPIP.DLL
.
.
((((((((((((((((((((((((( Files Creati Da 2015-01-03 al 2015-02-03 )))))))))))))))))))))))))))))))))))
.
.
2015-02-03 13:09 . 2015-02-03 13:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-03 12:42 . 2015-02-03 12:42 26528 ----a-w- c:\windows\SysWow64\drivers\HWiNFO64A.SYS
2015-02-03 12:25 . 2015-02-03 12:25 129224 ----a-w- c:\windows\system32\drivers\L1C62x64.sys
2015-02-03 12:25 . 2015-02-03 12:25 -------- d-----w- c:\program files\Synaptics
2015-02-03 12:25 . 2015-02-03 12:25 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2015-02-03 12:25 . 2015-02-03 12:25 34544 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys
2015-02-03 12:25 . 2015-02-03 12:25 317440 ----a-w- c:\windows\system32\drivers\IntcDAud.sys
2015-02-03 12:25 . 2015-02-03 12:25 14848 ----a-w- c:\windows\system32\IntcDAuC.dll
2015-02-03 12:18 . 2015-02-03 12:41 -------- d-----w- c:\users\Claudia\AppData\Roaming\ProductData
2015-02-03 12:17 . 2015-02-03 12:17 -------- d-----w- c:\programdata\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-02-03 12:16 . 2015-02-03 12:16 -------- d-----w- c:\program files (x86)\Common Files\IObit
2015-02-03 12:15 . 2015-02-03 12:49 -------- d-----w- c:\programdata\ProductData
2015-02-03 12:15 . 2015-02-03 12:48 -------- d-----w- c:\users\Claudia\AppData\Roaming\IObit
2015-02-03 12:15 . 2015-02-03 12:16 -------- d-----w- c:\programdata\IObit
2015-02-03 12:15 . 2015-02-03 12:48 -------- d-----w- c:\program files (x86)\IObit
2015-02-03 11:57 . 2015-02-03 11:57 -------- d-----w- c:\users\picci
2015-02-02 20:53 . 2015-02-02 20:53 -------- d-----w- c:\users\Claudia\AppData\Roaming\Mobogenie
2015-02-02 20:09 . 2014-12-15 03:13 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54D9E8C3-ED25-4E8C-B990-A36220B74245}\mpengine.dll
2015-02-02 20:09 . 2014-12-22 23:41 298120 ------w- c:\windows\system32\MpSigStub.exe
2015-02-02 20:09 . 2015-02-02 20:09 -------- d-----w- c:\program files (x86)\Common Files\ControlDeck
2015-02-02 20:07 . 2015-02-02 20:07 -------- d-----w- C:\data
2015-02-02 10:27 . 2015-02-02 19:38 -------- d-----w- c:\program files\HitmanPro
2015-02-02 09:56 . 2015-02-02 10:40 -------- d-----w- c:\programdata\HitmanPro
2015-02-01 22:23 . 2015-02-01 22:23 -------- d-----w- c:\users\Claudia\AppData\Roaming\TuneUp Software
2015-02-01 19:01 . 2015-02-02 19:38 -------- d-----w- c:\users\Claudia\AppData\Roaming\MyPhoneExplorer
2015-02-01 19:00 . 2015-02-02 19:38 -------- d-----w- c:\program files (x86)\MyPhoneExplorer
2015-02-01 18:38 . 2015-02-01 18:38 -------- d-sh--w- c:\users\Claudia\AppData\Local\EmieBrowserModeList
2015-02-01 18:35 . 2015-02-01 18:35 -------- d-----w- c:\users\Claudia\AppData\Local\Programs
2015-02-01 18:14 . 2015-02-01 18:36 -------- d-----w- c:\users\Claudia\AppData\Roaming\Solvusoft
2015-02-01 17:40 . 2015-02-01 17:40 -------- d-----w- c:\users\Claudia\AppData\Roaming\WSE_Vosteran
2015-02-01 17:40 . 2015-02-01 17:49 -------- d-----w- c:\users\Claudia\AppData\Local\4813239
2015-02-01 17:30 . 2014-05-07 16:42 144664 ----a-w- c:\windows\SysWow64\secman.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-03 12:23 . 2011-10-13 10:55 7988224 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2015-02-03 12:23 . 2010-05-14 02:17 9528832 ----a-w- c:\windows\system32\igd10umd64.dll
2015-01-16 10:50 . 2011-07-15 17:28 113365784 ----a-w- c:\windows\system32\MRT.exe
2014-12-13 05:09 . 2014-12-17 20:16 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-17 20:16 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50 . 2014-12-11 09:27 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-11 09:27 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-11 09:27 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-11 09:27 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-11 09:27 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-11 09:27 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-11 09:27 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-11 09:27 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-11 09:27 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-11 09:26 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-11 09:27 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-11 09:27 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-11 09:27 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-11 09:27 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-11 09:27 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-11 09:27 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-11 09:26 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-11 09:27 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-11 09:27 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-11 09:27 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-11 09:27 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-11 09:27 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-11 09:27 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-11 09:27 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-11 09:27 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-11 09:27 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-11 09:27 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-11 09:26 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-11 09:27 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-11 09:27 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-11 09:27 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-11 09:27 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 09:27 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-11 09:27 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-11 09:27 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-11 09:27 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-11 09:27 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-11 09:27 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-11 09:27 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-11 09:27 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-11 09:27 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 09:27 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-11 09:27 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-11 09:27 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 09:27 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-11 09:27 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-11 09:27 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-11 09:27 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-19 03:26 . 2014-11-19 03:26 1614504 ----a-w- c:\windows\system32\FM20.DLL
2014-11-11 03:09 . 2014-12-11 09:27 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-18 21:05 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-18 21:05 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-11 09:27 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-18 21:05 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-18 21:05 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-11 09:27 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-11 09:25 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-11 09:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2014-10-14 911032]
"Advanced SystemCare 8"="c:\program files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" [2014-12-10 2427680]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WSE_Vosteran"="c:\windows\SysWOW64\wscript.exe" [2013-10-12 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-07-25 1985824]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2015-01-27 5768480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/it.special-uninstall ... =10.0.1432" [?]
"WSE_Vosteran"="c:\windows\SysWOW64\wscript.exe" [2013-10-12 141824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"RequireSignedAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R1 pfnfd_1_10_0_8;pfnfd_1_10_0_8;c:\windows\system32\drivers\pfnfd_1_10_0_8.sys;c:\windows\SYSNATIVE\drivers\pfnfd_1_10_0_8.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe;c:\windows\SYSNATIVE\FsUsbExService.Exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbrndis6;Scheda RNDIS6 USB;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 MobogenieService;MobogenieService;c:\program files (x86)\Mobogenie3\MobogenieService.exe;c:\program files (x86)\Mobogenie3\MobogenieService.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Audio schermo Intel(R);c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 20:17 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2015-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 20:48]
.
2015-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-27 04:52]
.
2015-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-27 04:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2015-02-03 12:17 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2015-02-03 168944]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2015-02-03 394224]
"Persistence"="c:\windows\system32\igfxpers.exe" [2015-02-03 418800]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\laog7qok.default\
FF - prefs.js: browser.search.selectedEngine - Vosteran
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro_i.newTab - false
FF - user.js: extensions.claro.id - 8602722400000000000020cf30d2c4d7
FF - user.js: extensions.claro.instlDay - 15600
FF - user.js: extensions.claro.vrsn - 1.6.4.1
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.121:55
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - iclaro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110823&tt=3912_7
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_de ... 0d2c4d7&q=
FF - user.js: extensions.BabylonToolbar.id - 8602722400000000000020cf30d2c4d7
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15611
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1220:53
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OySpqkrpZ
FF - user.js: extensions.incredibar_i.upn2n - 92262349958536215
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd -
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OySpq ... 26&search=
FF - user.js: extensions.incredibar_i.id - 860272240000000000004e5d6086fce7
FF - user.js: extensions.incredibar_i.instlDay - 15640
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1422:13
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.iminent.tlbrSrchUrl - hxxp://start.iminent.com/?ref=toolbarm#q=
FF - user.js: extensions.iminent.id - 860272240000000000004e5d6086fce7
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16055
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.313:45
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - YCPCT
FF - user.js: extensions.iminent.instlRef -
FF - user.js: extensions.iminent.dfltLng -
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
FF - user.js: extensions.srchvstrn.hmpg - true
FF - user.js: extensions.srchvstrn.hmpgUrl - hxxp://vosteran.com/?f=1&a=vst_dnldastr ... 594150&ir=
FF - user.js: extensions.srchvstrn.dfltSrch - true
FF - user.js: extensions.srchvstrn.srchPrvdr - Vosteran
FF - user.js: extensions.srchvstrn.dnsErr - true
FF - user.js: extensions.srchvstrn_i.newTab - true
FF - user.js: extensions.srchvstrn.newTabUrl - hxxp://vosteran.com/?f=2&a=vst_dnldastr ... 594150&ir=
FF - user.js: extensions.srchvstrn.tlbrSrchUrl - hxxp://vosteran.com/?f=3&a=vst_dnldastr ... 150&ir=&q=
FF - user.js: extensions.srchvstrn.id - 4E5D6086FCE77224
FF - user.js: extensions.srchvstrn.instlDay - 16467
FF - user.js: extensions.srchvstrn.vrsn -
FF - user.js: extensions.srchvstrn.vrsni -
FF - user.js: extensions.srchvstrn_i.vrsnTs - 18:40
FF - user.js: extensions.srchvstrn.prtnrId - WSE_Vosteran
FF - user.js: extensions.srchvstrn.prdct - srchvstrn
FF - user.js: extensions.srchvstrn.aflt - vst_dnldastr_15_05
FF - user.js: extensions.srchvstrn.instlRef - 142905_d
FF - user.js: extensions.srchvstrn.appId - {4CB3598A-82E8-4D1F-983F-061238AE696E}
FF - user.js: extensions.srchvstrn.cr - 1224594150
FF - user.js: extensions.srchvstrn.cd - 2XzuyEtN2Y1L1QzuyE0EyD0DyCtDzzyC0F0C0EyByBtBtByEtN0D0Tzu0StCtCtByBtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StDyE0AtDzytC0AtBtGtD0E0AyDtG0F0FzzyEtGtCyBtDtBtGyCtA0EzytB0ByEtDtC0F0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtC0A0DtAtCtDyEtG0B0CtDyCtGyEtCyEzztG0A0FtDtCtGzyzy0DtCtD0EyDtBzyzyzztD2Q
FF - user.js: extensions.srchvstrn.AL - 4
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-Locked - (no file)
AddRemove-DAEMON Tools Lite - c:\program files (x86)\DAEMON Tools Lite\uninst.exe
AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
AddRemove-Freemake Audio Converter_is1 - c:\program files (x86)\Freemake\Freemake Audio Converter\Uninstall\unins000.exe
AddRemove-InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} - c:\program files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe
AddRemove-InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658} - c:\program files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe
AddRemove-InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7} - c:\program files (x86)\InstallShield Installation Information\{88547073-C566-4895-9005-EBE98EA3F7C7}\setup.exe
AddRemove-InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8} - c:\program files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\Setup.exe
AddRemove-InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243} - c:\program files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe
AddRemove-InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1} - c:\program files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe
AddRemove-InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE} - c:\program files (x86)\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe
AddRemove-InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384} - c:\program files (x86)\InstallShield Installation Information\{E3739848-5329-48E3-8D28-5BBD6E8BE384}\Setup.exe
AddRemove-InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89} - c:\program files (x86)\InstallShield Installation Information\{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}\Setup.exe
AddRemove-Mozilla Thunderbird (6.0.2) - c:\program files (x86)\Mozilla Thunderbird\uninstall\helper.exe
AddRemove-{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} - c:\program files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe
AddRemove-{40BF1E83-20EB-11D8-97C5-0009C5020658} - c:\program files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe
AddRemove-{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8} - c:\program files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\Setup.exe
AddRemove-{C59C179C-668D-49A9-B6EA-0121CCFC1243} - c:\program files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe
AddRemove-{CB099890-1D5F-11D5-9EA9-0050BAE317E1} - c:\program files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe
AddRemove-{D36DD326-7280-11D8-97C8-000129760CBE} - c:\program files (x86)\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe
AddRemove-{E3739848-5329-48E3-8D28-5BBD6E8BE384} - c:\program files (x86)\InstallShield Installation Information\{E3739848-5329-48E3-8D28-5BBD6E8BE384}\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hitmanpro37]
"ImagePath"="\??\c:\windows\system32\drivers\hitmanpro37.sys"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe
c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
c:\program files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Mobogenie3\MoboGenieHelper.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\windows\SysWOW64\runonce.exe
c:\program files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
.
**************************************************************************
.
Ora fine scansione: 2015-02-03 14:16:37 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2015-02-03 13:16
ComboFix2.txt 2015-02-02 12:45
ComboFix3.txt 2015-02-02 09:44
ComboFix4.txt 2015-02-01 22:35
.
Pre-Run: 15.489.388.544 byte disponibili
Post-Run: 15.029.043.200 byte disponibili
.
- - End Of File - - 8C9ADBDD667A4DB49B4199B3807AA149

[danny]

Consiglio:
E' sempre meglio avere una immagine del proprio disco, così da ripristinare il sistema
com'era in pochi minuti. Un ottimo programma è Macrium Reflect.
http://download.cnet.com/Macrium-Reflec ... tag=button

[COCCOBELLO]

HAI ANCORA IL PC INFETTO

segui questa guida e rimuovi tutto ciò che trovano i tool
http://www.windoctor.it/sicurezza/come- ... i-i-virus/

salta solo combofix e hitmanpro se già lo hai usato

[claudiapiantanida]

grazie
oggi ho lasciato il pc acceso e si è scarica la batteria alla riaccensione stasera sembra funzionare
in modo corretto
però faccio la scansione con tutto cmq cosi risolvo del tutto

[COCCOBELLO]

ok
prego
fai sapere